Juniper Secures Virtual Networks with vGW Update

As virtualization usage inside of data centers grows, so too does the increased need for higher levels of security. While VMware's virtualization solutions can provide security, there is also a growing market of third-party vendors that deliver virtualization security solutions. Among those vendors is Juniper Networks and its vGW (virtual gateway) solution.

This week, Juniper is updating vGW to version 5.5, providing new features to meet the growing challenges of securing virtual infrastructure at scale.

"vGW is a software solution for securing virtual environments doing the same sort of things that physical devices do," Johnnie Constansis, product marketing manager at Juniper told EnterpriseNetworkingPlanet. "Firewall, IPS, malware detection, anti-virus and compliance checking are all part of the vGW product."

The vGW software came to Juniper by way of the acquisition of Altor Networks for $95 million in December of 2010. In 2011, Juniper added anti-virus scanning capabilities to the platform enabling administrators to scan virtual machines in real time for the presence of viruses.

Constansis noted that over the course of the last year, a key market vertical for the vGW solution has been large service providers. Those providers had additional requirements beyond enterprise needs, that are now being addressed in the vGW 5.5 update.

One of the new vGW 5.5 features is full IPv6 support. The free pool of available IPv4 addresses has now been exhausted and service providers around the world are now making the slow transition to IPv6. Constansis said that with the IPv6 support in vGW 5.5, service providers can now express and enforce policy on IPv6 networks.

The need for IPv6 support isn't just about ensuring that the vGW is ready for future requirements. Constansis said that one of Juniper's customers for the vGW is the largest ISP in Japan. IPv6 adoption is now being mandated in Japan, so in order for Juniper to support them, it's essential that the vGW support IPv6.

Performing IPv6 security enforcement isn't just about understanding IPv6 addresses. There is also a need to ensure that additional, potentially malicious data has not somehow been injected into the IPv6 packet information flow. As well it's important to make sure that overall security policy is built for IPv6 for source and destination IP address enforcement.

From a management perspective, the vGW 5.5 now has the ability to be logically divided at the front end to provide different views into the management center. The system now also has an API that enables service providers to be able to control what they make available to their virtualization customers.

Juniper Integration

One of the key benefits of the vGW software is that it can integrate with Juniper's physical security assets including the SRX security appliance. With the SRX integration a vGW can get policy information from the physical devices ensuring a seamless extension of security policy for both the physical and the virtual realms.

One area that the vGW is not yet integrated with, is the Mykonos security product. Juniper acquired Mykonos earlier this year as a way to extend its security portfolio with a proactive technology. Mykonos' technology provides traps and behavior based analytics that go beyond traditional security devices.

"All of our products are in the same business unit, so we're always looking for integration," Constansis said. "The Mykonos stuff is an interesting area that we're exploring, but there is nothing there yet."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.